Docs Home
oci.Core.IpsecConnectionTunnelManagement
Explore with Pulumi AI
This resource provides the Ip Sec Connection Tunnel Management resource in Oracle Cloud Infrastructure Core service.
Updates the specified tunnel. This operation lets you change tunnel attributes such as the routing type (BGP dynamic routing or static routing). Here are some important notes:
* If you change the tunnel's routing type or BGP session configuration, the tunnel will go
down while it's reprovisioned.
* If you want to switch the tunnel's `routing` from `STATIC` to `BGP`, make sure the tunnel's
BGP session configuration attributes have been set (bgpSessionConfig).
* If you want to switch the tunnel's `routing` from `BGP` to `STATIC`, make sure the
IPSecConnection already has at least one valid CIDR
static route.
** IMPORTANT **
Destroying the oci.Core.IpsecConnectionTunnelManagement leaves the resource in its existing state. It will not destroy the tunnel and it will not return the tunnel to its default values.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";
const testIpSecConnectionTunnel = new oci.core.IpsecConnectionTunnelManagement("test_ip_sec_connection_tunnel", {
ipsecId: testIpsec.id,
tunnelId: testIpSecConnectionTunnels.ipSecConnectionTunnels[0].id,
routing: ipSecConnectionTunnelManagementRouting,
bgpSessionInfo: {
customerBgpAsn: ipSecConnectionTunnelManagementBgpSessionInfoCustomerBgpAsn,
customerInterfaceIp: ipSecConnectionTunnelManagementBgpSessionInfoCustomerInterfaceIp,
oracleInterfaceIp: ipSecConnectionTunnelManagementBgpSessionInfoOracleInterfaceIp,
},
displayName: ipSecConnectionTunnelManagementDisplayName,
encryptionDomainConfig: {
cpeTrafficSelectors: ipSecConnectionTunnelManagementEncryptionDomainConfigCpeTrafficSelector,
oracleTrafficSelectors: ipSecConnectionTunnelManagementEncryptionDomainConfigOracleTrafficSelector,
},
sharedSecret: ipSecConnectionTunnelManagementSharedSecret,
ikeVersion: "V1",
});
import pulumi
import pulumi_oci as oci
test_ip_sec_connection_tunnel = oci.core.IpsecConnectionTunnelManagement("test_ip_sec_connection_tunnel",
ipsec_id=test_ipsec["id"],
tunnel_id=test_ip_sec_connection_tunnels["ipSecConnectionTunnels"][0]["id"],
routing=ip_sec_connection_tunnel_management_routing,
bgp_session_info={
"customer_bgp_asn": ip_sec_connection_tunnel_management_bgp_session_info_customer_bgp_asn,
"customer_interface_ip": ip_sec_connection_tunnel_management_bgp_session_info_customer_interface_ip,
"oracle_interface_ip": ip_sec_connection_tunnel_management_bgp_session_info_oracle_interface_ip,
},
display_name=ip_sec_connection_tunnel_management_display_name,
encryption_domain_config={
"cpe_traffic_selectors": ip_sec_connection_tunnel_management_encryption_domain_config_cpe_traffic_selector,
"oracle_traffic_selectors": ip_sec_connection_tunnel_management_encryption_domain_config_oracle_traffic_selector,
},
shared_secret=ip_sec_connection_tunnel_management_shared_secret,
ike_version="V1")
package main
import (
"github.com/pulumi/pulumi-oci/sdk/v2/go/oci/core"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := core.NewIpsecConnectionTunnelManagement(ctx, "test_ip_sec_connection_tunnel", &core.IpsecConnectionTunnelManagementArgs{
IpsecId: pulumi.Any(testIpsec.Id),
TunnelId: pulumi.Any(testIpSecConnectionTunnels.IpSecConnectionTunnels[0].Id),
Routing: pulumi.Any(ipSecConnectionTunnelManagementRouting),
BgpSessionInfo: &core.IpsecConnectionTunnelManagementBgpSessionInfoArgs{
CustomerBgpAsn: pulumi.Any(ipSecConnectionTunnelManagementBgpSessionInfoCustomerBgpAsn),
CustomerInterfaceIp: pulumi.Any(ipSecConnectionTunnelManagementBgpSessionInfoCustomerInterfaceIp),
OracleInterfaceIp: pulumi.Any(ipSecConnectionTunnelManagementBgpSessionInfoOracleInterfaceIp),
},
DisplayName: pulumi.Any(ipSecConnectionTunnelManagementDisplayName),
EncryptionDomainConfig: &core.IpsecConnectionTunnelManagementEncryptionDomainConfigArgs{
CpeTrafficSelectors: pulumi.Any(ipSecConnectionTunnelManagementEncryptionDomainConfigCpeTrafficSelector),
OracleTrafficSelectors: pulumi.Any(ipSecConnectionTunnelManagementEncryptionDomainConfigOracleTrafficSelector),
},
SharedSecret: pulumi.Any(ipSecConnectionTunnelManagementSharedSecret),
IkeVersion: pulumi.String("V1"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Oci = Pulumi.Oci;
return await Deployment.RunAsync(() =>
{
var testIpSecConnectionTunnel = new Oci.Core.IpsecConnectionTunnelManagement("test_ip_sec_connection_tunnel", new()
{
IpsecId = testIpsec.Id,
TunnelId = testIpSecConnectionTunnels.IpSecConnectionTunnels[0].Id,
Routing = ipSecConnectionTunnelManagementRouting,
BgpSessionInfo = new Oci.Core.Inputs.IpsecConnectionTunnelManagementBgpSessionInfoArgs
{
CustomerBgpAsn = ipSecConnectionTunnelManagementBgpSessionInfoCustomerBgpAsn,
CustomerInterfaceIp = ipSecConnectionTunnelManagementBgpSessionInfoCustomerInterfaceIp,
OracleInterfaceIp = ipSecConnectionTunnelManagementBgpSessionInfoOracleInterfaceIp,
},
DisplayName = ipSecConnectionTunnelManagementDisplayName,
EncryptionDomainConfig = new Oci.Core.Inputs.IpsecConnectionTunnelManagementEncryptionDomainConfigArgs
{
CpeTrafficSelectors = ipSecConnectionTunnelManagementEncryptionDomainConfigCpeTrafficSelector,
OracleTrafficSelectors = ipSecConnectionTunnelManagementEncryptionDomainConfigOracleTrafficSelector,
},
SharedSecret = ipSecConnectionTunnelManagementSharedSecret,
IkeVersion = "V1",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.Core.IpsecConnectionTunnelManagement;
import com.pulumi.oci.Core.IpsecConnectionTunnelManagementArgs;
import com.pulumi.oci.Core.inputs.IpsecConnectionTunnelManagementBgpSessionInfoArgs;
import com.pulumi.oci.Core.inputs.IpsecConnectionTunnelManagementEncryptionDomainConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var testIpSecConnectionTunnel = new IpsecConnectionTunnelManagement("testIpSecConnectionTunnel", IpsecConnectionTunnelManagementArgs.builder()
.ipsecId(testIpsec.id())
.tunnelId(testIpSecConnectionTunnels.ipSecConnectionTunnels()[0].id())
.routing(ipSecConnectionTunnelManagementRouting)
.bgpSessionInfo(IpsecConnectionTunnelManagementBgpSessionInfoArgs.builder()
.customerBgpAsn(ipSecConnectionTunnelManagementBgpSessionInfoCustomerBgpAsn)
.customerInterfaceIp(ipSecConnectionTunnelManagementBgpSessionInfoCustomerInterfaceIp)
.oracleInterfaceIp(ipSecConnectionTunnelManagementBgpSessionInfoOracleInterfaceIp)
.build())
.displayName(ipSecConnectionTunnelManagementDisplayName)
.encryptionDomainConfig(IpsecConnectionTunnelManagementEncryptionDomainConfigArgs.builder()
.cpeTrafficSelectors(ipSecConnectionTunnelManagementEncryptionDomainConfigCpeTrafficSelector)
.oracleTrafficSelectors(ipSecConnectionTunnelManagementEncryptionDomainConfigOracleTrafficSelector)
.build())
.sharedSecret(ipSecConnectionTunnelManagementSharedSecret)
.ikeVersion("V1")
.build());
}
}
resources:
testIpSecConnectionTunnel:
type: oci:Core:IpsecConnectionTunnelManagement
name: test_ip_sec_connection_tunnel
properties:
ipsecId: ${testIpsec.id}
tunnelId: ${testIpSecConnectionTunnels.ipSecConnectionTunnels[0].id}
routing: ${ipSecConnectionTunnelManagementRouting}
bgpSessionInfo:
customerBgpAsn: ${ipSecConnectionTunnelManagementBgpSessionInfoCustomerBgpAsn}
customerInterfaceIp: ${ipSecConnectionTunnelManagementBgpSessionInfoCustomerInterfaceIp}
oracleInterfaceIp: ${ipSecConnectionTunnelManagementBgpSessionInfoOracleInterfaceIp}
displayName: ${ipSecConnectionTunnelManagementDisplayName}
encryptionDomainConfig:
cpeTrafficSelectors: ${ipSecConnectionTunnelManagementEncryptionDomainConfigCpeTrafficSelector}
oracleTrafficSelectors: ${ipSecConnectionTunnelManagementEncryptionDomainConfigOracleTrafficSelector}
sharedSecret: ${ipSecConnectionTunnelManagementSharedSecret}
ikeVersion: V1
Create IpsecConnectionTunnelManagement Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new IpsecConnectionTunnelManagement(name: string, args: IpsecConnectionTunnelManagementArgs, opts?: CustomResourceOptions);@overload
def IpsecConnectionTunnelManagement(resource_name: str,
args: IpsecConnectionTunnelManagementArgs,
opts: Optional[ResourceOptions] = None)
@overload
def IpsecConnectionTunnelManagement(resource_name: str,
opts: Optional[ResourceOptions] = None,
ipsec_id: Optional[str] = None,
tunnel_id: Optional[str] = None,
nat_translation_enabled: Optional[str] = None,
encryption_domain_config: Optional[_core.IpsecConnectionTunnelManagementEncryptionDomainConfigArgs] = None,
ike_version: Optional[str] = None,
dpd_configs: Optional[Sequence[_core.IpsecConnectionTunnelManagementDpdConfigArgs]] = None,
bgp_session_info: Optional[_core.IpsecConnectionTunnelManagementBgpSessionInfoArgs] = None,
oracle_can_initiate: Optional[str] = None,
phase_one_details: Optional[_core.IpsecConnectionTunnelManagementPhaseOneDetailsArgs] = None,
phase_two_details: Optional[_core.IpsecConnectionTunnelManagementPhaseTwoDetailsArgs] = None,
routing: Optional[str] = None,
shared_secret: Optional[str] = None,
display_name: Optional[str] = None)func NewIpsecConnectionTunnelManagement(ctx *Context, name string, args IpsecConnectionTunnelManagementArgs, opts ...ResourceOption) (*IpsecConnectionTunnelManagement, error)public IpsecConnectionTunnelManagement(string name, IpsecConnectionTunnelManagementArgs args, CustomResourceOptions? opts = null)
public IpsecConnectionTunnelManagement(String name, IpsecConnectionTunnelManagementArgs args)
public IpsecConnectionTunnelManagement(String name, IpsecConnectionTunnelManagementArgs args, CustomResourceOptions options)
type: oci:Core:IpsecConnectionTunnelManagement
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args IpsecConnectionTunnelManagementArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args IpsecConnectionTunnelManagementArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args IpsecConnectionTunnelManagementArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args IpsecConnectionTunnelManagementArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args IpsecConnectionTunnelManagementArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var ipsecConnectionTunnelManagementResource = new Oci.Core.IpsecConnectionTunnelManagement("ipsecConnectionTunnelManagementResource", new()
{
IpsecId = "string",
TunnelId = "string",
NatTranslationEnabled = "string",
EncryptionDomainConfig = new Oci.Core.Inputs.IpsecConnectionTunnelManagementEncryptionDomainConfigArgs
{
CpeTrafficSelectors = new[]
{
"string",
},
OracleTrafficSelectors = new[]
{
"string",
},
},
IkeVersion = "string",
DpdConfigs = new[]
{
new Oci.Core.Inputs.IpsecConnectionTunnelManagementDpdConfigArgs
{
DpdMode = "string",
DpdTimeoutInSec = 0,
},
},
BgpSessionInfo = new Oci.Core.Inputs.IpsecConnectionTunnelManagementBgpSessionInfoArgs
{
BgpIpv6State = "string",
BgpState = "string",
CustomerBgpAsn = "string",
CustomerInterfaceIp = "string",
CustomerInterfaceIpv6 = "string",
OracleBgpAsn = "string",
OracleInterfaceIp = "string",
OracleInterfaceIpv6 = "string",
},
OracleCanInitiate = "string",
PhaseOneDetails = new Oci.Core.Inputs.IpsecConnectionTunnelManagementPhaseOneDetailsArgs
{
CustomAuthenticationAlgorithm = "string",
CustomDhGroup = "string",
CustomEncryptionAlgorithm = "string",
IsCustomPhaseOneConfig = false,
IsIkeEstablished = false,
Lifetime = 0,
NegotiatedAuthenticationAlgorithm = "string",
NegotiatedDhGroup = "string",
NegotiatedEncryptionAlgorithm = "string",
RemainingLifetimeInt = 0,
RemainingLifetimeLastRetrieved = "string",
},
PhaseTwoDetails = new Oci.Core.Inputs.IpsecConnectionTunnelManagementPhaseTwoDetailsArgs
{
CustomAuthenticationAlgorithm = "string",
CustomEncryptionAlgorithm = "string",
DhGroup = "string",
IsCustomPhaseTwoConfig = false,
IsEspEstablished = false,
IsPfsEnabled = false,
Lifetime = 0,
NegotiatedAuthenticationAlgorithm = "string",
NegotiatedDhGroup = "string",
NegotiatedEncryptionAlgorithm = "string",
RemainingLifetimeInt = 0,
RemainingLifetimeLastRetrieved = "string",
},
Routing = "string",
SharedSecret = "string",
DisplayName = "string",
});
example, err := Core.NewIpsecConnectionTunnelManagement(ctx, "ipsecConnectionTunnelManagementResource", &Core.IpsecConnectionTunnelManagementArgs{
IpsecId: pulumi.String("string"),
TunnelId: pulumi.String("string"),
NatTranslationEnabled: pulumi.String("string"),
EncryptionDomainConfig: &core.IpsecConnectionTunnelManagementEncryptionDomainConfigArgs{
CpeTrafficSelectors: pulumi.StringArray{
pulumi.String("string"),
},
OracleTrafficSelectors: pulumi.StringArray{
pulumi.String("string"),
},
},
IkeVersion: pulumi.String("string"),
DpdConfigs: core.IpsecConnectionTunnelManagementDpdConfigArray{
&core.IpsecConnectionTunnelManagementDpdConfigArgs{
DpdMode: pulumi.String("string"),
DpdTimeoutInSec: pulumi.Int(0),
},
},
BgpSessionInfo: &core.IpsecConnectionTunnelManagementBgpSessionInfoArgs{
BgpIpv6State: pulumi.String("string"),
BgpState: pulumi.String("string"),
CustomerBgpAsn: pulumi.String("string"),
CustomerInterfaceIp: pulumi.String("string"),
CustomerInterfaceIpv6: pulumi.String("string"),
OracleBgpAsn: pulumi.String("string"),
OracleInterfaceIp: pulumi.String("string"),
OracleInterfaceIpv6: pulumi.String("string"),
},
OracleCanInitiate: pulumi.String("string"),
PhaseOneDetails: &core.IpsecConnectionTunnelManagementPhaseOneDetailsArgs{
CustomAuthenticationAlgorithm: pulumi.String("string"),
CustomDhGroup: pulumi.String("string"),
CustomEncryptionAlgorithm: pulumi.String("string"),
IsCustomPhaseOneConfig: pulumi.Bool(false),
IsIkeEstablished: pulumi.Bool(false),
Lifetime: pulumi.Int(0),
NegotiatedAuthenticationAlgorithm: pulumi.String("string"),
NegotiatedDhGroup: pulumi.String("string"),
NegotiatedEncryptionAlgorithm: pulumi.String("string"),
RemainingLifetimeInt: pulumi.Int(0),
RemainingLifetimeLastRetrieved: pulumi.String("string"),
},
PhaseTwoDetails: &core.IpsecConnectionTunnelManagementPhaseTwoDetailsArgs{
CustomAuthenticationAlgorithm: pulumi.String("string"),
CustomEncryptionAlgorithm: pulumi.String("string"),
DhGroup: pulumi.String("string"),
IsCustomPhaseTwoConfig: pulumi.Bool(false),
IsEspEstablished: pulumi.Bool(false),
IsPfsEnabled: pulumi.Bool(false),
Lifetime: pulumi.Int(0),
NegotiatedAuthenticationAlgorithm: pulumi.String("string"),
NegotiatedDhGroup: pulumi.String("string"),
NegotiatedEncryptionAlgorithm: pulumi.String("string"),
RemainingLifetimeInt: pulumi.Int(0),
RemainingLifetimeLastRetrieved: pulumi.String("string"),
},
Routing: pulumi.String("string"),
SharedSecret: pulumi.String("string"),
DisplayName: pulumi.String("string"),
})
var ipsecConnectionTunnelManagementResource = new IpsecConnectionTunnelManagement("ipsecConnectionTunnelManagementResource", IpsecConnectionTunnelManagementArgs.builder()
.ipsecId("string")
.tunnelId("string")
.natTranslationEnabled("string")
.encryptionDomainConfig(IpsecConnectionTunnelManagementEncryptionDomainConfigArgs.builder()
.cpeTrafficSelectors("string")
.oracleTrafficSelectors("string")
.build())
.ikeVersion("string")
.dpdConfigs(IpsecConnectionTunnelManagementDpdConfigArgs.builder()
.dpdMode("string")
.dpdTimeoutInSec(0)
.build())
.bgpSessionInfo(IpsecConnectionTunnelManagementBgpSessionInfoArgs.builder()
.bgpIpv6State("string")
.bgpState("string")
.customerBgpAsn("string")
.customerInterfaceIp("string")
.customerInterfaceIpv6("string")
.oracleBgpAsn("string")
.oracleInterfaceIp("string")
.oracleInterfaceIpv6("string")
.build())
.oracleCanInitiate("string")
.phaseOneDetails(IpsecConnectionTunnelManagementPhaseOneDetailsArgs.builder()
.customAuthenticationAlgorithm("string")
.customDhGroup("string")
.customEncryptionAlgorithm("string")
.isCustomPhaseOneConfig(false)
.isIkeEstablished(false)
.lifetime(0)
.negotiatedAuthenticationAlgorithm("string")
.negotiatedDhGroup("string")
.negotiatedEncryptionAlgorithm("string")
.remainingLifetimeInt(0)
.remainingLifetimeLastRetrieved("string")
.build())
.phaseTwoDetails(IpsecConnectionTunnelManagementPhaseTwoDetailsArgs.builder()
.customAuthenticationAlgorithm("string")
.customEncryptionAlgorithm("string")
.dhGroup("string")
.isCustomPhaseTwoConfig(false)
.isEspEstablished(false)
.isPfsEnabled(false)
.lifetime(0)
.negotiatedAuthenticationAlgorithm("string")
.negotiatedDhGroup("string")
.negotiatedEncryptionAlgorithm("string")
.remainingLifetimeInt(0)
.remainingLifetimeLastRetrieved("string")
.build())
.routing("string")
.sharedSecret("string")
.displayName("string")
.build());
ipsec_connection_tunnel_management_resource = oci.core.IpsecConnectionTunnelManagement("ipsecConnectionTunnelManagementResource",
ipsec_id="string",
tunnel_id="string",
nat_translation_enabled="string",
encryption_domain_config={
"cpe_traffic_selectors": ["string"],
"oracle_traffic_selectors": ["string"],
},
ike_version="string",
dpd_configs=[{
"dpd_mode": "string",
"dpd_timeout_in_sec": 0,
}],
bgp_session_info={
"bgp_ipv6_state": "string",
"bgp_state": "string",
"customer_bgp_asn": "string",
"customer_interface_ip": "string",
"customer_interface_ipv6": "string",
"oracle_bgp_asn": "string",
"oracle_interface_ip": "string",
"oracle_interface_ipv6": "string",
},
oracle_can_initiate="string",
phase_one_details={
"custom_authentication_algorithm": "string",
"custom_dh_group": "string",
"custom_encryption_algorithm": "string",
"is_custom_phase_one_config": False,
"is_ike_established": False,
"lifetime": 0,
"negotiated_authentication_algorithm": "string",
"negotiated_dh_group": "string",
"negotiated_encryption_algorithm": "string",
"remaining_lifetime_int": 0,
"remaining_lifetime_last_retrieved": "string",
},
phase_two_details={
"custom_authentication_algorithm": "string",
"custom_encryption_algorithm": "string",
"dh_group": "string",
"is_custom_phase_two_config": False,
"is_esp_established": False,
"is_pfs_enabled": False,
"lifetime": 0,
"negotiated_authentication_algorithm": "string",
"negotiated_dh_group": "string",
"negotiated_encryption_algorithm": "string",
"remaining_lifetime_int": 0,
"remaining_lifetime_last_retrieved": "string",
},
routing="string",
shared_secret="string",
display_name="string")
const ipsecConnectionTunnelManagementResource = new oci.core.IpsecConnectionTunnelManagement("ipsecConnectionTunnelManagementResource", {
ipsecId: "string",
tunnelId: "string",
natTranslationEnabled: "string",
encryptionDomainConfig: {
cpeTrafficSelectors: ["string"],
oracleTrafficSelectors: ["string"],
},
ikeVersion: "string",
dpdConfigs: [{
dpdMode: "string",
dpdTimeoutInSec: 0,
}],
bgpSessionInfo: {
bgpIpv6State: "string",
bgpState: "string",
customerBgpAsn: "string",
customerInterfaceIp: "string",
customerInterfaceIpv6: "string",
oracleBgpAsn: "string",
oracleInterfaceIp: "string",
oracleInterfaceIpv6: "string",
},
oracleCanInitiate: "string",
phaseOneDetails: {
customAuthenticationAlgorithm: "string",
customDhGroup: "string",
customEncryptionAlgorithm: "string",
isCustomPhaseOneConfig: false,
isIkeEstablished: false,
lifetime: 0,
negotiatedAuthenticationAlgorithm: "string",
negotiatedDhGroup: "string",
negotiatedEncryptionAlgorithm: "string",
remainingLifetimeInt: 0,
remainingLifetimeLastRetrieved: "string",
},
phaseTwoDetails: {
customAuthenticationAlgorithm: "string",
customEncryptionAlgorithm: "string",
dhGroup: "string",
isCustomPhaseTwoConfig: false,
isEspEstablished: false,
isPfsEnabled: false,
lifetime: 0,
negotiatedAuthenticationAlgorithm: "string",
negotiatedDhGroup: "string",
negotiatedEncryptionAlgorithm: "string",
remainingLifetimeInt: 0,
remainingLifetimeLastRetrieved: "string",
},
routing: "string",
sharedSecret: "string",
displayName: "string",
});
type: oci:Core:IpsecConnectionTunnelManagement
properties:
bgpSessionInfo:
bgpIpv6State: string
bgpState: string
customerBgpAsn: string
customerInterfaceIp: string
customerInterfaceIpv6: string
oracleBgpAsn: string
oracleInterfaceIp: string
oracleInterfaceIpv6: string
displayName: string
dpdConfigs:
- dpdMode: string
dpdTimeoutInSec: 0
encryptionDomainConfig:
cpeTrafficSelectors:
- string
oracleTrafficSelectors:
- string
ikeVersion: string
ipsecId: string
natTranslationEnabled: string
oracleCanInitiate: string
phaseOneDetails:
customAuthenticationAlgorithm: string
customDhGroup: string
customEncryptionAlgorithm: string
isCustomPhaseOneConfig: false
isIkeEstablished: false
lifetime: 0
negotiatedAuthenticationAlgorithm: string
negotiatedDhGroup: string
negotiatedEncryptionAlgorithm: string
remainingLifetimeInt: 0
remainingLifetimeLastRetrieved: string
phaseTwoDetails:
customAuthenticationAlgorithm: string
customEncryptionAlgorithm: string
dhGroup: string
isCustomPhaseTwoConfig: false
isEspEstablished: false
isPfsEnabled: false
lifetime: 0
negotiatedAuthenticationAlgorithm: string
negotiatedDhGroup: string
negotiatedEncryptionAlgorithm: string
remainingLifetimeInt: 0
remainingLifetimeLastRetrieved: string
routing: string
sharedSecret: string
tunnelId: string
IpsecConnectionTunnelManagement Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The IpsecConnectionTunnelManagement resource accepts the following input properties:
- Ipsec
Id string - The OCID of the IPSec connection.
- Tunnel
Id string - The OCID of the IPSec connection's tunnel.
- Bgp
Session IpsecInfo Connection Tunnel Management Bgp Session Info Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.
If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.
- Display
Name string - A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
- Dpd
Configs List<IpsecConnection Tunnel Management Dpd Config> - Encryption
Domain IpsecConfig Connection Tunnel Management Encryption Domain Config - Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
- Ike
Version string - Internet Key Exchange protocol version.
- Nat
Translation stringEnabled By default (the
AUTOsetting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.The
ENABLEDoption sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.The
DISABLEDoption directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.- Oracle
Can stringInitiate - Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (
RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER). - Phase
One IpsecDetails Connection Tunnel Management Phase One Details Configuration details for IKE phase one (ISAKMP) configuration parameters.
See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.
- Phase
Two IpsecDetails Connection Tunnel Management Phase Two Details Configuration details for IPSec phase two configuration parameters.
See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.
- Routing string
- The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
- string
- The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example:
EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o
- Ipsec
Id string - The OCID of the IPSec connection.
- Tunnel
Id string - The OCID of the IPSec connection's tunnel.
- Bgp
Session IpsecInfo Connection Tunnel Management Bgp Session Info Args Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.
If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.
- Display
Name string - A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
- Dpd
Configs []IpsecConnection Tunnel Management Dpd Config Args - Encryption
Domain IpsecConfig Connection Tunnel Management Encryption Domain Config Args - Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
- Ike
Version string - Internet Key Exchange protocol version.
- Nat
Translation stringEnabled By default (the
AUTOsetting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.The
ENABLEDoption sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.The
DISABLEDoption directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.- Oracle
Can stringInitiate - Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (
RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER). - Phase
One IpsecDetails Connection Tunnel Management Phase One Details Args Configuration details for IKE phase one (ISAKMP) configuration parameters.
See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.
- Phase
Two IpsecDetails Connection Tunnel Management Phase Two Details Args Configuration details for IPSec phase two configuration parameters.
See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.
- Routing string
- The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
- string
- The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example:
EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o
- ipsec
Id String - The OCID of the IPSec connection.
- tunnel
Id String - The OCID of the IPSec connection's tunnel.
- bgp
Session IpsecInfo Connection Tunnel Management Bgp Session Info Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.
If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.
- display
Name String - A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
- dpd
Configs List<IpsecConnection Tunnel Management Dpd Config> - encryption
Domain IpsecConfig Connection Tunnel Management Encryption Domain Config - Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
- ike
Version String - Internet Key Exchange protocol version.
- nat
Translation StringEnabled By default (the
AUTOsetting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.The
ENABLEDoption sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.The
DISABLEDoption directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.- oracle
Can StringInitiate - Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (
RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER). - phase
One IpsecDetails Connection Tunnel Management Phase One Details Configuration details for IKE phase one (ISAKMP) configuration parameters.
See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.
- phase
Two IpsecDetails Connection Tunnel Management Phase Two Details Configuration details for IPSec phase two configuration parameters.
See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.
- routing String
- The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
- String
- The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example:
EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o
- ipsec
Id string - The OCID of the IPSec connection.
- tunnel
Id string - The OCID of the IPSec connection's tunnel.
- bgp
Session IpsecInfo Connection Tunnel Management Bgp Session Info Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.
If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.
- display
Name string - A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
- dpd
Configs IpsecConnection Tunnel Management Dpd Config[] - encryption
Domain IpsecConfig Connection Tunnel Management Encryption Domain Config - Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
- ike
Version string - Internet Key Exchange protocol version.
- nat
Translation stringEnabled By default (the
AUTOsetting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.The
ENABLEDoption sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.The
DISABLEDoption directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.- oracle
Can stringInitiate - Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (
RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER). - phase
One IpsecDetails Connection Tunnel Management Phase One Details Configuration details for IKE phase one (ISAKMP) configuration parameters.
See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.
- phase
Two IpsecDetails Connection Tunnel Management Phase Two Details Configuration details for IPSec phase two configuration parameters.
See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.
- routing string
- The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
- string
- The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example:
EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o
- ipsec_
id str - The OCID of the IPSec connection.
- tunnel_
id str - The OCID of the IPSec connection's tunnel.
- bgp_
session_ core.info Ipsec Connection Tunnel Management Bgp Session Info Args Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.
If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.
- display_
name str - A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
- dpd_
configs Sequence[core.Ipsec Connection Tunnel Management Dpd Config Args] - encryption_
domain_ core.config Ipsec Connection Tunnel Management Encryption Domain Config Args - Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
- ike_
version str - Internet Key Exchange protocol version.
- nat_
translation_ strenabled By default (the
AUTOsetting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.The
ENABLEDoption sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.The
DISABLEDoption directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.- oracle_
can_ strinitiate - Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (
RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER). - phase_
one_ core.details Ipsec Connection Tunnel Management Phase One Details Args Configuration details for IKE phase one (ISAKMP) configuration parameters.
See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.
- phase_
two_ core.details Ipsec Connection Tunnel Management Phase Two Details Args Configuration details for IPSec phase two configuration parameters.
See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.
- routing str
- The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
- str
- The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example:
EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o
- ipsec
Id String - The OCID of the IPSec connection.
- tunnel
Id String - The OCID of the IPSec connection's tunnel.
- bgp
Session Property MapInfo Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.
If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.
- display
Name String - A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
- dpd
Configs List<Property Map> - encryption
Domain Property MapConfig - Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
- ike
Version String - Internet Key Exchange protocol version.
- nat
Translation StringEnabled By default (the
AUTOsetting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.The
ENABLEDoption sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.The
DISABLEDoption directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.- oracle
Can StringInitiate - Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (
RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER). - phase
One Property MapDetails Configuration details for IKE phase one (ISAKMP) configuration parameters.
See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.
- phase
Two Property MapDetails Configuration details for IPSec phase two configuration parameters.
See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.
- routing String
- The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
- String
- The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example:
EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o
Outputs
All input properties are implicitly available as output properties. Additionally, the IpsecConnectionTunnelManagement resource produces the following output properties:
- Associated
Virtual List<string>Circuits - The list of virtual circuit OCIDs over which your network can reach this tunnel.
- Compartment
Id string - The OCID of the compartment containing the tunnel.
- Cpe
Ip string - The IP address of the CPE device's VPN headend. Example:
203.0.113.22 - Dpd
Mode string - Dead peer detection (DPD) mode set on the Oracle side of the connection.
- Dpd
Timeout intIn Sec - DPD timeout in seconds.
- Id string
- The provider-assigned unique ID for this managed resource.
- State string
- The IPSec connection's tunnel's lifecycle state.
- Status string
- The tunnel's current state.
- Time
Created string - The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z - Time
Status stringUpdated - When the status of the tunnel last changed, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z - Vpn
Ip string - The IP address of Oracle's VPN headend. Example:
129.146.17.50
- Associated
Virtual []stringCircuits - The list of virtual circuit OCIDs over which your network can reach this tunnel.
- Compartment
Id string - The OCID of the compartment containing the tunnel.
- Cpe
Ip string - The IP address of the CPE device's VPN headend. Example:
203.0.113.22 - Dpd
Mode string - Dead peer detection (DPD) mode set on the Oracle side of the connection.
- Dpd
Timeout intIn Sec - DPD timeout in seconds.
- Id string
- The provider-assigned unique ID for this managed resource.
- State string
- The IPSec connection's tunnel's lifecycle state.
- Status string
- The tunnel's current state.
- Time
Created string - The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z - Time
Status stringUpdated - When the status of the tunnel last changed, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z - Vpn
Ip string - The IP address of Oracle's VPN headend. Example:
129.146.17.50
- associated
Virtual List<String>Circuits - The list of virtual circuit OCIDs over which your network can reach this tunnel.
- compartment
Id String - The OCID of the compartment containing the tunnel.
- cpe
Ip String - The IP address of the CPE device's VPN headend. Example:
203.0.113.22 - dpd
Mode String - Dead peer detection (DPD) mode set on the Oracle side of the connection.
- dpd
Timeout IntegerIn Sec - DPD timeout in seconds.
- id String
- The provider-assigned unique ID for this managed resource.
- state String
- The IPSec connection's tunnel's lifecycle state.
- status String
- The tunnel's current state.
- time
Created String - The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z - time
Status StringUpdated - When the status of the tunnel last changed, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z - vpn
Ip String - The IP address of Oracle's VPN headend. Example:
129.146.17.50
- associated
Virtual string[]Circuits - The list of virtual circuit OCIDs over which your network can reach this tunnel.
- compartment
Id string - The OCID of the compartment containing the tunnel.
- cpe
Ip string - The IP address of the CPE device's VPN headend. Example:
203.0.113.22 - dpd
Mode string - Dead peer detection (DPD) mode set on the Oracle side of the connection.
- dpd
Timeout numberIn Sec - DPD timeout in seconds.
- id string
- The provider-assigned unique ID for this managed resource.
- state string
- The IPSec connection's tunnel's lifecycle state.
- status string
- The tunnel's current state.
- time
Created string - The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z - time
Status stringUpdated - When the status of the tunnel last changed, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z - vpn
Ip string - The IP address of Oracle's VPN headend. Example:
129.146.17.50
- associated_
virtual_ Sequence[str]circuits - The list of virtual circuit OCIDs over which your network can reach this tunnel.
- compartment_
id str - The OCID of the compartment containing the tunnel.
- cpe_
ip str - The IP address of the CPE device's VPN headend. Example:
203.0.113.22 - dpd_
mode str - Dead peer detection (DPD) mode set on the Oracle side of the connection.
- dpd_
timeout_ intin_ sec - DPD timeout in seconds.
- id str
- The provider-assigned unique ID for this managed resource.
- state str
- The IPSec connection's tunnel's lifecycle state.
- status str
- The tunnel's current state.
- time_
created str - The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z - time_
status_ strupdated - When the status of the tunnel last changed, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z - vpn_
ip str - The IP address of Oracle's VPN headend. Example:
129.146.17.50
- associated
Virtual List<String>Circuits - The list of virtual circuit OCIDs over which your network can reach this tunnel.
- compartment
Id String - The OCID of the compartment containing the tunnel.
- cpe
Ip String - The IP address of the CPE device's VPN headend. Example:
203.0.113.22 - dpd
Mode String - Dead peer detection (DPD) mode set on the Oracle side of the connection.
- dpd
Timeout NumberIn Sec - DPD timeout in seconds.
- id String
- The provider-assigned unique ID for this managed resource.
- state String
- The IPSec connection's tunnel's lifecycle state.
- status String
- The tunnel's current state.
- time
Created String - The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z - time
Status StringUpdated - When the status of the tunnel last changed, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z - vpn
Ip String - The IP address of Oracle's VPN headend. Example:
129.146.17.50
Look up Existing IpsecConnectionTunnelManagement Resource
Get an existing IpsecConnectionTunnelManagement resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: IpsecConnectionTunnelManagementState, opts?: CustomResourceOptions): IpsecConnectionTunnelManagement@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
associated_virtual_circuits: Optional[Sequence[str]] = None,
bgp_session_info: Optional[_core.IpsecConnectionTunnelManagementBgpSessionInfoArgs] = None,
compartment_id: Optional[str] = None,
cpe_ip: Optional[str] = None,
display_name: Optional[str] = None,
dpd_configs: Optional[Sequence[_core.IpsecConnectionTunnelManagementDpdConfigArgs]] = None,
dpd_mode: Optional[str] = None,
dpd_timeout_in_sec: Optional[int] = None,
encryption_domain_config: Optional[_core.IpsecConnectionTunnelManagementEncryptionDomainConfigArgs] = None,
ike_version: Optional[str] = None,
ipsec_id: Optional[str] = None,
nat_translation_enabled: Optional[str] = None,
oracle_can_initiate: Optional[str] = None,
phase_one_details: Optional[_core.IpsecConnectionTunnelManagementPhaseOneDetailsArgs] = None,
phase_two_details: Optional[_core.IpsecConnectionTunnelManagementPhaseTwoDetailsArgs] = None,
routing: Optional[str] = None,
shared_secret: Optional[str] = None,
state: Optional[str] = None,
status: Optional[str] = None,
time_created: Optional[str] = None,
time_status_updated: Optional[str] = None,
tunnel_id: Optional[str] = None,
vpn_ip: Optional[str] = None) -> IpsecConnectionTunnelManagementfunc GetIpsecConnectionTunnelManagement(ctx *Context, name string, id IDInput, state *IpsecConnectionTunnelManagementState, opts ...ResourceOption) (*IpsecConnectionTunnelManagement, error)public static IpsecConnectionTunnelManagement Get(string name, Input<string> id, IpsecConnectionTunnelManagementState? state, CustomResourceOptions? opts = null)public static IpsecConnectionTunnelManagement get(String name, Output<String> id, IpsecConnectionTunnelManagementState state, CustomResourceOptions options)resources: _: type: oci:Core:IpsecConnectionTunnelManagement get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Associated
Virtual List<string>Circuits - The list of virtual circuit OCIDs over which your network can reach this tunnel.
- Bgp
Session IpsecInfo Connection Tunnel Management Bgp Session Info Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.
If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.
- Compartment
Id string - The OCID of the compartment containing the tunnel.
- Cpe
Ip string - The IP address of the CPE device's VPN headend. Example:
203.0.113.22 - Display
Name string - A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
- Dpd
Configs List<IpsecConnection Tunnel Management Dpd Config> - Dpd
Mode string - Dead peer detection (DPD) mode set on the Oracle side of the connection.
- Dpd
Timeout intIn Sec - DPD timeout in seconds.
- Encryption
Domain IpsecConfig Connection Tunnel Management Encryption Domain Config - Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
- Ike
Version string - Internet Key Exchange protocol version.
- Ipsec
Id string - The OCID of the IPSec connection.
- Nat
Translation stringEnabled By default (the
AUTOsetting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.The
ENABLEDoption sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.The
DISABLEDoption directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.- Oracle
Can stringInitiate - Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (
RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER). - Phase
One IpsecDetails Connection Tunnel Management Phase One Details Configuration details for IKE phase one (ISAKMP) configuration parameters.
See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.
- Phase
Two IpsecDetails Connection Tunnel Management Phase Two Details Configuration details for IPSec phase two configuration parameters.
See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.
- Routing string
- The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
- string
- The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example:
EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o - State string
- The IPSec connection's tunnel's lifecycle state.
- Status string
- The tunnel's current state.
- Time
Created string - The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z - Time
Status stringUpdated - When the status of the tunnel last changed, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z - Tunnel
Id string - The OCID of the IPSec connection's tunnel.
- Vpn
Ip string - The IP address of Oracle's VPN headend. Example:
129.146.17.50
- Associated
Virtual []stringCircuits - The list of virtual circuit OCIDs over which your network can reach this tunnel.
- Bgp
Session IpsecInfo Connection Tunnel Management Bgp Session Info Args Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.
If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.
- Compartment
Id string - The OCID of the compartment containing the tunnel.
- Cpe
Ip string - The IP address of the CPE device's VPN headend. Example:
203.0.113.22 - Display
Name string - A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
- Dpd
Configs []IpsecConnection Tunnel Management Dpd Config Args - Dpd
Mode string - Dead peer detection (DPD) mode set on the Oracle side of the connection.
- Dpd
Timeout intIn Sec - DPD timeout in seconds.
- Encryption
Domain IpsecConfig Connection Tunnel Management Encryption Domain Config Args - Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
- Ike
Version string - Internet Key Exchange protocol version.
- Ipsec
Id string - The OCID of the IPSec connection.
- Nat
Translation stringEnabled By default (the
AUTOsetting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.The
ENABLEDoption sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.The
DISABLEDoption directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.- Oracle
Can stringInitiate - Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (
RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER). - Phase
One IpsecDetails Connection Tunnel Management Phase One Details Args Configuration details for IKE phase one (ISAKMP) configuration parameters.
See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.
- Phase
Two IpsecDetails Connection Tunnel Management Phase Two Details Args Configuration details for IPSec phase two configuration parameters.
See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.
- Routing string
- The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
- string
- The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example:
EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o - State string
- The IPSec connection's tunnel's lifecycle state.
- Status string
- The tunnel's current state.
- Time
Created string - The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z - Time
Status stringUpdated - When the status of the tunnel last changed, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z - Tunnel
Id string - The OCID of the IPSec connection's tunnel.
- Vpn
Ip string - The IP address of Oracle's VPN headend. Example:
129.146.17.50
- associated
Virtual List<String>Circuits - The list of virtual circuit OCIDs over which your network can reach this tunnel.
- bgp
Session IpsecInfo Connection Tunnel Management Bgp Session Info Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.
If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.
- compartment
Id String - The OCID of the compartment containing the tunnel.
- cpe
Ip String - The IP address of the CPE device's VPN headend. Example:
203.0.113.22 - display
Name String - A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
- dpd
Configs List<IpsecConnection Tunnel Management Dpd Config> - dpd
Mode String - Dead peer detection (DPD) mode set on the Oracle side of the connection.
- dpd
Timeout IntegerIn Sec - DPD timeout in seconds.
- encryption
Domain IpsecConfig Connection Tunnel Management Encryption Domain Config - Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
- ike
Version String - Internet Key Exchange protocol version.
- ipsec
Id String - The OCID of the IPSec connection.
- nat
Translation StringEnabled By default (the
AUTOsetting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.The
ENABLEDoption sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.The
DISABLEDoption directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.- oracle
Can StringInitiate - Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (
RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER). - phase
One IpsecDetails Connection Tunnel Management Phase One Details Configuration details for IKE phase one (ISAKMP) configuration parameters.
See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.
- phase
Two IpsecDetails Connection Tunnel Management Phase Two Details Configuration details for IPSec phase two configuration parameters.
See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.
- routing String
- The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
- String
- The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example:
EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o - state String
- The IPSec connection's tunnel's lifecycle state.
- status String
- The tunnel's current state.
- time
Created String - The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z - time
Status StringUpdated - When the status of the tunnel last changed, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z - tunnel
Id String - The OCID of the IPSec connection's tunnel.
- vpn
Ip String - The IP address of Oracle's VPN headend. Example:
129.146.17.50
- associated
Virtual string[]Circuits - The list of virtual circuit OCIDs over which your network can reach this tunnel.
- bgp
Session IpsecInfo Connection Tunnel Management Bgp Session Info Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.
If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.
- compartment
Id string - The OCID of the compartment containing the tunnel.
- cpe
Ip string - The IP address of the CPE device's VPN headend. Example:
203.0.113.22 - display
Name string - A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
- dpd
Configs IpsecConnection Tunnel Management Dpd Config[] - dpd
Mode string - Dead peer detection (DPD) mode set on the Oracle side of the connection.
- dpd
Timeout numberIn Sec - DPD timeout in seconds.
- encryption
Domain IpsecConfig Connection Tunnel Management Encryption Domain Config - Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
- ike
Version string - Internet Key Exchange protocol version.
- ipsec
Id string - The OCID of the IPSec connection.
- nat
Translation stringEnabled By default (the
AUTOsetting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.The
ENABLEDoption sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.The
DISABLEDoption directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.- oracle
Can stringInitiate - Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (
RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER). - phase
One IpsecDetails Connection Tunnel Management Phase One Details Configuration details for IKE phase one (ISAKMP) configuration parameters.
See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.
- phase
Two IpsecDetails Connection Tunnel Management Phase Two Details Configuration details for IPSec phase two configuration parameters.
See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.
- routing string
- The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
- string
- The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example:
EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o - state string
- The IPSec connection's tunnel's lifecycle state.
- status string
- The tunnel's current state.
- time
Created string - The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z - time
Status stringUpdated - When the status of the tunnel last changed, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z - tunnel
Id string - The OCID of the IPSec connection's tunnel.
- vpn
Ip string - The IP address of Oracle's VPN headend. Example:
129.146.17.50
- associated_
virtual_ Sequence[str]circuits - The list of virtual circuit OCIDs over which your network can reach this tunnel.
- bgp_
session_ core.info Ipsec Connection Tunnel Management Bgp Session Info Args Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.
If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.
- compartment_
id str - The OCID of the compartment containing the tunnel.
- cpe_
ip str - The IP address of the CPE device's VPN headend. Example:
203.0.113.22 - display_
name str - A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
- dpd_
configs Sequence[core.Ipsec Connection Tunnel Management Dpd Config Args] - dpd_
mode str - Dead peer detection (DPD) mode set on the Oracle side of the connection.
- dpd_
timeout_ intin_ sec - DPD timeout in seconds.
- encryption_
domain_ core.config Ipsec Connection Tunnel Management Encryption Domain Config Args - Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
- ike_
version str - Internet Key Exchange protocol version.
- ipsec_
id str - The OCID of the IPSec connection.
- nat_
translation_ strenabled By default (the
AUTOsetting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.The
ENABLEDoption sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.The
DISABLEDoption directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.- oracle_
can_ strinitiate - Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (
RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER). - phase_
one_ core.details Ipsec Connection Tunnel Management Phase One Details Args Configuration details for IKE phase one (ISAKMP) configuration parameters.
See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.
- phase_
two_ core.details Ipsec Connection Tunnel Management Phase Two Details Args Configuration details for IPSec phase two configuration parameters.
See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.
- routing str
- The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
- str
- The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example:
EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o - state str
- The IPSec connection's tunnel's lifecycle state.
- status str
- The tunnel's current state.
- time_
created str - The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z - time_
status_ strupdated - When the status of the tunnel last changed, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z - tunnel_
id str - The OCID of the IPSec connection's tunnel.
- vpn_
ip str - The IP address of Oracle's VPN headend. Example:
129.146.17.50
- associated
Virtual List<String>Circuits - The list of virtual circuit OCIDs over which your network can reach this tunnel.
- bgp
Session Property MapInfo Information for establishing a BGP session for the IPSec tunnel. Required if the tunnel uses BGP dynamic routing.
If the tunnel instead uses static routing, you may optionally provide this object and set an IP address for one or both ends of the IPSec tunnel for the purposes of troubleshooting or monitoring the tunnel.
- compartment
Id String - The OCID of the compartment containing the tunnel.
- cpe
Ip String - The IP address of the CPE device's VPN headend. Example:
203.0.113.22 - display
Name String - A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.
- dpd
Configs List<Property Map> - dpd
Mode String - Dead peer detection (DPD) mode set on the Oracle side of the connection.
- dpd
Timeout NumberIn Sec - DPD timeout in seconds.
- encryption
Domain Property MapConfig - Configuration information used by the encryption domain policy. Required if the tunnel uses POLICY routing.
- ike
Version String - Internet Key Exchange protocol version.
- ipsec
Id String - The OCID of the IPSec connection.
- nat
Translation StringEnabled By default (the
AUTOsetting), IKE sends packets with a source and destination port set to 500, and when it detects that the port used to forward packets has changed (most likely because a NAT device is between the CPE device and the Oracle VPN headend) it will try to negotiate the use of NAT-T.The
ENABLEDoption sets the IKE protocol to use port 4500 instead of 500 and forces encapsulating traffic with the ESP protocol inside UDP packets.The
DISABLEDoption directs IKE to completely refuse to negotiate NAT-T even if it senses there may be a NAT device in use.- oracle
Can StringInitiate - Indicates whether Oracle can only respond to a request to start an IPSec tunnel from the CPE device (
RESPONDER_ONLY), or both respond to and initiate requests (INITIATOR_OR_RESPONDER). - phase
One Property MapDetails Configuration details for IKE phase one (ISAKMP) configuration parameters.
See PhaseOneConfigDetails for allowed values but note naming scheme follows TunnelPhaseOneDetails.
- phase
Two Property MapDetails Configuration details for IPSec phase two configuration parameters.
See PhaseTwoConfigDetails for allowed values, but note naming scheme follows TunnelPhaseTwoDetails.
- routing String
- The type of routing to use for this tunnel (either BGP dynamic routing, STATIC routing or POLICY routing).
- String
- The shared secret (pre-shared key) to use for the IPSec tunnel. If you don't provide a value, Oracle generates a value for you. You can specify your own shared secret later if you like with UpdateIPSecConnectionTunnelSharedSecret. Example:
EXAMPLEToUis6j1c.p8G.dVQxcmdfMO0yXMLi.lZTbYCMDGu4V8o - state String
- The IPSec connection's tunnel's lifecycle state.
- status String
- The tunnel's current state.
- time
Created String - The date and time the IPSec connection tunnel was created, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z - time
Status StringUpdated - When the status of the tunnel last changed, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z - tunnel
Id String - The OCID of the IPSec connection's tunnel.
- vpn
Ip String - The IP address of Oracle's VPN headend. Example:
129.146.17.50
Supporting Types
IpsecConnectionTunnelManagementBgpSessionInfo, IpsecConnectionTunnelManagementBgpSessionInfoArgs
- Bgp
Ipv6State string - The state of the BGP IPv6 session.
- Bgp
Ipv6state string - Bgp
State string - The state of the BGP session.
- Customer
Bgp stringAsn If the tunnel's
routingattribute is set toBGP(see IPSecConnectionTunnel), this ASN is required and used for the tunnel's BGP session. This is the ASN of the network on the CPE end of the BGP session. Can be a 2-byte or 4-byte ASN. Uses "asplain" format.If the tunnel's
routingattribute is set toSTATIC, thecustomerBgpAsnmust be null.Example:
12345(2-byte) or1587232876(4-byte)- Customer
Interface stringIp The IP address for the CPE end of the inside tunnel interface.
If the tunnel's
routingattribute is set toBGP(see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.If
routingis instead set toSTATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.The value must be a /30 or /31.
Example:
10.0.0.5/31- Customer
Interface stringIpv6 The IPv6 address for the CPE end of the inside tunnel interface. This IP address is optional.
If the tunnel's
routingattribute is set toBGP(see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.If
routingis instead set toSTATIC, you can set this IP address to troubleshoot or monitor the tunnel.Only subnet masks from /64 up to /127 are allowed.
Example:
2001:db8::1/64- Oracle
Bgp stringAsn - The Oracle BGP ASN.
- Oracle
Interface stringIp The IP address for the Oracle end of the inside tunnel interface.
If the tunnel's
routingattribute is set toBGP(see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.If
routingis instead set toSTATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.The value must be a /30 or /31.
Example:
10.0.0.4/31- Oracle
Interface stringIpv6 The IPv6 address for the Oracle end of the inside tunnel interface. This IP address is optional.
If the tunnel's
routingattribute is set toBGP(see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.If
routingis instead set toSTATIC, you can set this IP address to troubleshoot or monitor the tunnel.Only subnet masks from /64 up to /127 are allowed.
Example:
2001:db8::1/64
- Bgp
Ipv6State string - The state of the BGP IPv6 session.
- Bgp
Ipv6state string - Bgp
State string - The state of the BGP session.
- Customer
Bgp stringAsn If the tunnel's
routingattribute is set toBGP(see IPSecConnectionTunnel), this ASN is required and used for the tunnel's BGP session. This is the ASN of the network on the CPE end of the BGP session. Can be a 2-byte or 4-byte ASN. Uses "asplain" format.If the tunnel's
routingattribute is set toSTATIC, thecustomerBgpAsnmust be null.Example:
12345(2-byte) or1587232876(4-byte)- Customer
Interface stringIp The IP address for the CPE end of the inside tunnel interface.
If the tunnel's
routingattribute is set toBGP(see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.If
routingis instead set toSTATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.The value must be a /30 or /31.
Example:
10.0.0.5/31- Customer
Interface stringIpv6 The IPv6 address for the CPE end of the inside tunnel interface. This IP address is optional.
If the tunnel's
routingattribute is set toBGP(see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.If
routingis instead set toSTATIC, you can set this IP address to troubleshoot or monitor the tunnel.Only subnet masks from /64 up to /127 are allowed.
Example:
2001:db8::1/64- Oracle
Bgp stringAsn - The Oracle BGP ASN.
- Oracle
Interface stringIp The IP address for the Oracle end of the inside tunnel interface.
If the tunnel's
routingattribute is set toBGP(see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.If
routingis instead set toSTATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.The value must be a /30 or /31.
Example:
10.0.0.4/31- Oracle
Interface stringIpv6 The IPv6 address for the Oracle end of the inside tunnel interface. This IP address is optional.
If the tunnel's
routingattribute is set toBGP(see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.If
routingis instead set toSTATIC, you can set this IP address to troubleshoot or monitor the tunnel.Only subnet masks from /64 up to /127 are allowed.
Example:
2001:db8::1/64
- bgp
Ipv6State String - The state of the BGP IPv6 session.
- bgp
Ipv6state String - bgp
State String - The state of the BGP session.
- customer
Bgp StringAsn If the tunnel's
routingattribute is set toBGP(see IPSecConnectionTunnel), this ASN is required and used for the tunnel's BGP session. This is the ASN of the network on the CPE end of the BGP session. Can be a 2-byte or 4-byte ASN. Uses "asplain" format.If the tunnel's
routingattribute is set toSTATIC, thecustomerBgpAsnmust be null.Example:
12345(2-byte) or1587232876(4-byte)- customer
Interface StringIp The IP address for the CPE end of the inside tunnel interface.
If the tunnel's
routingattribute is set toBGP(see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.If
routingis instead set toSTATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.The value must be a /30 or /31.
Example:
10.0.0.5/31- customer
Interface StringIpv6 The IPv6 address for the CPE end of the inside tunnel interface. This IP address is optional.
If the tunnel's
routingattribute is set toBGP(see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.If
routingis instead set toSTATIC, you can set this IP address to troubleshoot or monitor the tunnel.Only subnet masks from /64 up to /127 are allowed.
Example:
2001:db8::1/64- oracle
Bgp StringAsn - The Oracle BGP ASN.
- oracle
Interface StringIp The IP address for the Oracle end of the inside tunnel interface.
If the tunnel's
routingattribute is set toBGP(see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.If
routingis instead set toSTATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.The value must be a /30 or /31.
Example:
10.0.0.4/31- oracle
Interface StringIpv6 The IPv6 address for the Oracle end of the inside tunnel interface. This IP address is optional.
If the tunnel's
routingattribute is set toBGP(see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.If
routingis instead set toSTATIC, you can set this IP address to troubleshoot or monitor the tunnel.Only subnet masks from /64 up to /127 are allowed.
Example:
2001:db8::1/64
- bgp
Ipv6State string - The state of the BGP IPv6 session.
- bgp
Ipv6state string - bgp
State string - The state of the BGP session.
- customer
Bgp stringAsn If the tunnel's
routingattribute is set toBGP(see IPSecConnectionTunnel), this ASN is required and used for the tunnel's BGP session. This is the ASN of the network on the CPE end of the BGP session. Can be a 2-byte or 4-byte ASN. Uses "asplain" format.If the tunnel's
routingattribute is set toSTATIC, thecustomerBgpAsnmust be null.Example:
12345(2-byte) or1587232876(4-byte)- customer
Interface stringIp The IP address for the CPE end of the inside tunnel interface.
If the tunnel's
routingattribute is set toBGP(see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.If
routingis instead set toSTATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.The value must be a /30 or /31.
Example:
10.0.0.5/31- customer
Interface stringIpv6 The IPv6 address for the CPE end of the inside tunnel interface. This IP address is optional.
If the tunnel's
routingattribute is set toBGP(see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.If
routingis instead set toSTATIC, you can set this IP address to troubleshoot or monitor the tunnel.Only subnet masks from /64 up to /127 are allowed.
Example:
2001:db8::1/64- oracle
Bgp stringAsn - The Oracle BGP ASN.
- oracle
Interface stringIp The IP address for the Oracle end of the inside tunnel interface.
If the tunnel's
routingattribute is set toBGP(see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.If
routingis instead set toSTATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.The value must be a /30 or /31.
Example:
10.0.0.4/31- oracle
Interface stringIpv6 The IPv6 address for the Oracle end of the inside tunnel interface. This IP address is optional.
If the tunnel's
routingattribute is set toBGP(see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.If
routingis instead set toSTATIC, you can set this IP address to troubleshoot or monitor the tunnel.Only subnet masks from /64 up to /127 are allowed.
Example:
2001:db8::1/64
- bgp_
ipv6_ strstate - The state of the BGP IPv6 session.
- bgp_
ipv6state str - bgp_
state str - The state of the BGP session.
- customer_
bgp_ strasn If the tunnel's
routingattribute is set toBGP(see IPSecConnectionTunnel), this ASN is required and used for the tunnel's BGP session. This is the ASN of the network on the CPE end of the BGP session. Can be a 2-byte or 4-byte ASN. Uses "asplain" format.If the tunnel's
routingattribute is set toSTATIC, thecustomerBgpAsnmust be null.Example:
12345(2-byte) or1587232876(4-byte)- customer_
interface_ strip The IP address for the CPE end of the inside tunnel interface.
If the tunnel's
routingattribute is set toBGP(see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.If
routingis instead set toSTATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.The value must be a /30 or /31.
Example:
10.0.0.5/31- customer_
interface_ stripv6 The IPv6 address for the CPE end of the inside tunnel interface. This IP address is optional.
If the tunnel's
routingattribute is set toBGP(see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.If
routingis instead set toSTATIC, you can set this IP address to troubleshoot or monitor the tunnel.Only subnet masks from /64 up to /127 are allowed.
Example:
2001:db8::1/64- oracle_
bgp_ strasn - The Oracle BGP ASN.
- oracle_
interface_ strip The IP address for the Oracle end of the inside tunnel interface.
If the tunnel's
routingattribute is set toBGP(see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.If
routingis instead set toSTATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.The value must be a /30 or /31.
Example:
10.0.0.4/31- oracle_
interface_ stripv6 The IPv6 address for the Oracle end of the inside tunnel interface. This IP address is optional.
If the tunnel's
routingattribute is set toBGP(see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.If
routingis instead set toSTATIC, you can set this IP address to troubleshoot or monitor the tunnel.Only subnet masks from /64 up to /127 are allowed.
Example:
2001:db8::1/64
- bgp
Ipv6State String - The state of the BGP IPv6 session.
- bgp
Ipv6state String - bgp
State String - The state of the BGP session.
- customer
Bgp StringAsn If the tunnel's
routingattribute is set toBGP(see IPSecConnectionTunnel), this ASN is required and used for the tunnel's BGP session. This is the ASN of the network on the CPE end of the BGP session. Can be a 2-byte or 4-byte ASN. Uses "asplain" format.If the tunnel's
routingattribute is set toSTATIC, thecustomerBgpAsnmust be null.Example:
12345(2-byte) or1587232876(4-byte)- customer
Interface StringIp The IP address for the CPE end of the inside tunnel interface.
If the tunnel's
routingattribute is set toBGP(see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.If
routingis instead set toSTATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.The value must be a /30 or /31.
Example:
10.0.0.5/31- customer
Interface StringIpv6 The IPv6 address for the CPE end of the inside tunnel interface. This IP address is optional.
If the tunnel's
routingattribute is set toBGP(see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.If
routingis instead set toSTATIC, you can set this IP address to troubleshoot or monitor the tunnel.Only subnet masks from /64 up to /127 are allowed.
Example:
2001:db8::1/64- oracle
Bgp StringAsn - The Oracle BGP ASN.
- oracle
Interface StringIp The IP address for the Oracle end of the inside tunnel interface.
If the tunnel's
routingattribute is set toBGP(see IPSecConnectionTunnel), this IP address is required and used for the tunnel's BGP session.If
routingis instead set toSTATIC, this IP address is optional. You can set this IP address to troubleshoot or monitor the tunnel.The value must be a /30 or /31.
Example:
10.0.0.4/31- oracle
Interface StringIpv6 The IPv6 address for the Oracle end of the inside tunnel interface. This IP address is optional.
If the tunnel's
routingattribute is set toBGP(see IPSecConnectionTunnel), this IP address is used for the tunnel's BGP session.If
routingis instead set toSTATIC, you can set this IP address to troubleshoot or monitor the tunnel.Only subnet masks from /64 up to /127 are allowed.
Example:
2001:db8::1/64
IpsecConnectionTunnelManagementDpdConfig, IpsecConnectionTunnelManagementDpdConfigArgs
- Dpd
Mode string - This option defines whether DPD can be initiated from the Oracle side of the connection.
INITIATE_AND_RESPONDorRESPOND_ONLY - Dpd
Timeout intIn Sec - DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.
- Dpd
Mode string - This option defines whether DPD can be initiated from the Oracle side of the connection.
INITIATE_AND_RESPONDorRESPOND_ONLY - Dpd
Timeout intIn Sec - DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.
- dpd
Mode String - This option defines whether DPD can be initiated from the Oracle side of the connection.
INITIATE_AND_RESPONDorRESPOND_ONLY - dpd
Timeout IntegerIn Sec - DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.
- dpd
Mode string - This option defines whether DPD can be initiated from the Oracle side of the connection.
INITIATE_AND_RESPONDorRESPOND_ONLY - dpd
Timeout numberIn Sec - DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.
- dpd_
mode str - This option defines whether DPD can be initiated from the Oracle side of the connection.
INITIATE_AND_RESPONDorRESPOND_ONLY - dpd_
timeout_ intin_ sec - DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.
- dpd
Mode String - This option defines whether DPD can be initiated from the Oracle side of the connection.
INITIATE_AND_RESPONDorRESPOND_ONLY - dpd
Timeout NumberIn Sec - DPD timeout in seconds. This sets the longest interval between CPE device health messages before the IPSec connection indicates it has lost contact with the CPE. The default is 20 seconds.
IpsecConnectionTunnelManagementEncryptionDomainConfig, IpsecConnectionTunnelManagementEncryptionDomainConfigArgs
- Cpe
Traffic List<string>Selectors - Lists IPv4 or IPv6-enabled subnets in your on-premises network.
- Oracle
Traffic List<string>Selectors - Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy.
- Cpe
Traffic []stringSelectors - Lists IPv4 or IPv6-enabled subnets in your on-premises network.
- Oracle
Traffic []stringSelectors - Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy.
- cpe
Traffic List<String>Selectors - Lists IPv4 or IPv6-enabled subnets in your on-premises network.
- oracle
Traffic List<String>Selectors - Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy.
- cpe
Traffic string[]Selectors - Lists IPv4 or IPv6-enabled subnets in your on-premises network.
- oracle
Traffic string[]Selectors - Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy.
- cpe_
traffic_ Sequence[str]selectors - Lists IPv4 or IPv6-enabled subnets in your on-premises network.
- oracle_
traffic_ Sequence[str]selectors - Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy.
- cpe
Traffic List<String>Selectors - Lists IPv4 or IPv6-enabled subnets in your on-premises network.
- oracle
Traffic List<String>Selectors - Lists IPv4 or IPv6-enabled subnets in your Oracle tenancy.
IpsecConnectionTunnelManagementPhaseOneDetails, IpsecConnectionTunnelManagementPhaseOneDetailsArgs
- Custom
Authentication stringAlgorithm - The custom authentication algorithm proposed during phase one tunnel negotiation.
- Custom
Dh stringGroup - The custom Diffie-Hellman group proposed during phase one tunnel negotiation.
- Custom
Encryption stringAlgorithm - The custom encryption algorithm proposed during phase one tunnel negotiation.
- Is
Custom boolPhase One Config - Indicates whether custom configuration is enabled for phase one options.
- Is
Ike boolEstablished - Indicates whether IKE phase one is established.
- Lifetime int
- Internet key association (IKE) session key lifetime in seconds for IPSec phase one. The default is 28800 which is equivalent to 8 hours.
- Negotiated
Authentication stringAlgorithm - The negotiated phase two authentication algorithm.
- Negotiated
Dh stringGroup - The negotiated Diffie-Hellman group.
- Negotiated
Encryption stringAlgorithm - The negotiated encryption algorithm.
- Remaining
Lifetime string - Remaining
Lifetime intInt - The remaining lifetime before the key is refreshed.
- Remaining
Lifetime stringLast Retrieved - The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z
- Custom
Authentication stringAlgorithm - The custom authentication algorithm proposed during phase one tunnel negotiation.
- Custom
Dh stringGroup - The custom Diffie-Hellman group proposed during phase one tunnel negotiation.
- Custom
Encryption stringAlgorithm - The custom encryption algorithm proposed during phase one tunnel negotiation.
- Is
Custom boolPhase One Config - Indicates whether custom configuration is enabled for phase one options.
- Is
Ike boolEstablished - Indicates whether IKE phase one is established.
- Lifetime int
- Internet key association (IKE) session key lifetime in seconds for IPSec phase one. The default is 28800 which is equivalent to 8 hours.
- Negotiated
Authentication stringAlgorithm - The negotiated phase two authentication algorithm.
- Negotiated
Dh stringGroup - The negotiated Diffie-Hellman group.
- Negotiated
Encryption stringAlgorithm - The negotiated encryption algorithm.
- Remaining
Lifetime string - Remaining
Lifetime intInt - The remaining lifetime before the key is refreshed.
- Remaining
Lifetime stringLast Retrieved - The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z
- custom
Authentication StringAlgorithm - The custom authentication algorithm proposed during phase one tunnel negotiation.
- custom
Dh StringGroup - The custom Diffie-Hellman group proposed during phase one tunnel negotiation.
- custom
Encryption StringAlgorithm - The custom encryption algorithm proposed during phase one tunnel negotiation.
- is
Custom BooleanPhase One Config - Indicates whether custom configuration is enabled for phase one options.
- is
Ike BooleanEstablished - Indicates whether IKE phase one is established.
- lifetime Integer
- Internet key association (IKE) session key lifetime in seconds for IPSec phase one. The default is 28800 which is equivalent to 8 hours.
- negotiated
Authentication StringAlgorithm - The negotiated phase two authentication algorithm.
- negotiated
Dh StringGroup - The negotiated Diffie-Hellman group.
- negotiated
Encryption StringAlgorithm - The negotiated encryption algorithm.
- remaining
Lifetime String - remaining
Lifetime IntegerInt - The remaining lifetime before the key is refreshed.
- remaining
Lifetime StringLast Retrieved - The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z
- custom
Authentication stringAlgorithm - The custom authentication algorithm proposed during phase one tunnel negotiation.
- custom
Dh stringGroup - The custom Diffie-Hellman group proposed during phase one tunnel negotiation.
- custom
Encryption stringAlgorithm - The custom encryption algorithm proposed during phase one tunnel negotiation.
- is
Custom booleanPhase One Config - Indicates whether custom configuration is enabled for phase one options.
- is
Ike booleanEstablished - Indicates whether IKE phase one is established.
- lifetime number
- Internet key association (IKE) session key lifetime in seconds for IPSec phase one. The default is 28800 which is equivalent to 8 hours.
- negotiated
Authentication stringAlgorithm - The negotiated phase two authentication algorithm.
- negotiated
Dh stringGroup - The negotiated Diffie-Hellman group.
- negotiated
Encryption stringAlgorithm - The negotiated encryption algorithm.
- remaining
Lifetime string - remaining
Lifetime numberInt - The remaining lifetime before the key is refreshed.
- remaining
Lifetime stringLast Retrieved - The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z
- custom_
authentication_ stralgorithm - The custom authentication algorithm proposed during phase one tunnel negotiation.
- custom_
dh_ strgroup - The custom Diffie-Hellman group proposed during phase one tunnel negotiation.
- custom_
encryption_ stralgorithm - The custom encryption algorithm proposed during phase one tunnel negotiation.
- is_
custom_ boolphase_ one_ config - Indicates whether custom configuration is enabled for phase one options.
- is_
ike_ boolestablished - Indicates whether IKE phase one is established.
- lifetime int
- Internet key association (IKE) session key lifetime in seconds for IPSec phase one. The default is 28800 which is equivalent to 8 hours.
- negotiated_
authentication_ stralgorithm - The negotiated phase two authentication algorithm.
- negotiated_
dh_ strgroup - The negotiated Diffie-Hellman group.
- negotiated_
encryption_ stralgorithm - The negotiated encryption algorithm.
- remaining_
lifetime str - remaining_
lifetime_ intint - The remaining lifetime before the key is refreshed.
- remaining_
lifetime_ strlast_ retrieved - The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z
- custom
Authentication StringAlgorithm - The custom authentication algorithm proposed during phase one tunnel negotiation.
- custom
Dh StringGroup - The custom Diffie-Hellman group proposed during phase one tunnel negotiation.
- custom
Encryption StringAlgorithm - The custom encryption algorithm proposed during phase one tunnel negotiation.
- is
Custom BooleanPhase One Config - Indicates whether custom configuration is enabled for phase one options.
- is
Ike BooleanEstablished - Indicates whether IKE phase one is established.
- lifetime Number
- Internet key association (IKE) session key lifetime in seconds for IPSec phase one. The default is 28800 which is equivalent to 8 hours.
- negotiated
Authentication StringAlgorithm - The negotiated phase two authentication algorithm.
- negotiated
Dh StringGroup - The negotiated Diffie-Hellman group.
- negotiated
Encryption StringAlgorithm - The negotiated encryption algorithm.
- remaining
Lifetime String - remaining
Lifetime NumberInt - The remaining lifetime before the key is refreshed.
- remaining
Lifetime StringLast Retrieved - The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z
IpsecConnectionTunnelManagementPhaseTwoDetails, IpsecConnectionTunnelManagementPhaseTwoDetailsArgs
- Custom
Authentication stringAlgorithm - The authentication algorithm proposed during phase two tunnel negotiation.
- Custom
Encryption stringAlgorithm - The encryption algorithm proposed during phase two tunnel negotiation.
- Dh
Group string - The Diffie-Hellman group used for PFS, if PFS is enabled.
- Is
Custom boolPhase Two Config - Indicates whether custom configuration is enabled for phase two options.
- Is
Esp boolEstablished - Indicates that ESP phase two is established.
- Is
Pfs boolEnabled - Indicates whether perfect forward secrecy (PFS) is enabled.
- Lifetime int
- Lifetime in seconds for the IPSec session key set in phase two. The default is 3600 which is equivalent to 1 hour.
- Negotiated
Authentication stringAlgorithm - The negotiated phase two authentication algorithm.
- Negotiated
Dh stringGroup - The negotiated Diffie-Hellman group.
- Negotiated
Encryption stringAlgorithm - The negotiated encryption algorithm.
- Remaining
Lifetime string - Remaining
Lifetime intInt - The remaining lifetime before the key is refreshed.
- Remaining
Lifetime stringLast Retrieved - The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z
- Custom
Authentication stringAlgorithm - The authentication algorithm proposed during phase two tunnel negotiation.
- Custom
Encryption stringAlgorithm - The encryption algorithm proposed during phase two tunnel negotiation.
- Dh
Group string - The Diffie-Hellman group used for PFS, if PFS is enabled.
- Is
Custom boolPhase Two Config - Indicates whether custom configuration is enabled for phase two options.
- Is
Esp boolEstablished - Indicates that ESP phase two is established.
- Is
Pfs boolEnabled - Indicates whether perfect forward secrecy (PFS) is enabled.
- Lifetime int
- Lifetime in seconds for the IPSec session key set in phase two. The default is 3600 which is equivalent to 1 hour.
- Negotiated
Authentication stringAlgorithm - The negotiated phase two authentication algorithm.
- Negotiated
Dh stringGroup - The negotiated Diffie-Hellman group.
- Negotiated
Encryption stringAlgorithm - The negotiated encryption algorithm.
- Remaining
Lifetime string - Remaining
Lifetime intInt - The remaining lifetime before the key is refreshed.
- Remaining
Lifetime stringLast Retrieved - The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z
- custom
Authentication StringAlgorithm - The authentication algorithm proposed during phase two tunnel negotiation.
- custom
Encryption StringAlgorithm - The encryption algorithm proposed during phase two tunnel negotiation.
- dh
Group String - The Diffie-Hellman group used for PFS, if PFS is enabled.
- is
Custom BooleanPhase Two Config - Indicates whether custom configuration is enabled for phase two options.
- is
Esp BooleanEstablished - Indicates that ESP phase two is established.
- is
Pfs BooleanEnabled - Indicates whether perfect forward secrecy (PFS) is enabled.
- lifetime Integer
- Lifetime in seconds for the IPSec session key set in phase two. The default is 3600 which is equivalent to 1 hour.
- negotiated
Authentication StringAlgorithm - The negotiated phase two authentication algorithm.
- negotiated
Dh StringGroup - The negotiated Diffie-Hellman group.
- negotiated
Encryption StringAlgorithm - The negotiated encryption algorithm.
- remaining
Lifetime String - remaining
Lifetime IntegerInt - The remaining lifetime before the key is refreshed.
- remaining
Lifetime StringLast Retrieved - The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z
- custom
Authentication stringAlgorithm - The authentication algorithm proposed during phase two tunnel negotiation.
- custom
Encryption stringAlgorithm - The encryption algorithm proposed during phase two tunnel negotiation.
- dh
Group string - The Diffie-Hellman group used for PFS, if PFS is enabled.
- is
Custom booleanPhase Two Config - Indicates whether custom configuration is enabled for phase two options.
- is
Esp booleanEstablished - Indicates that ESP phase two is established.
- is
Pfs booleanEnabled - Indicates whether perfect forward secrecy (PFS) is enabled.
- lifetime number
- Lifetime in seconds for the IPSec session key set in phase two. The default is 3600 which is equivalent to 1 hour.
- negotiated
Authentication stringAlgorithm - The negotiated phase two authentication algorithm.
- negotiated
Dh stringGroup - The negotiated Diffie-Hellman group.
- negotiated
Encryption stringAlgorithm - The negotiated encryption algorithm.
- remaining
Lifetime string - remaining
Lifetime numberInt - The remaining lifetime before the key is refreshed.
- remaining
Lifetime stringLast Retrieved - The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z
- custom_
authentication_ stralgorithm - The authentication algorithm proposed during phase two tunnel negotiation.
- custom_
encryption_ stralgorithm - The encryption algorithm proposed during phase two tunnel negotiation.
- dh_
group str - The Diffie-Hellman group used for PFS, if PFS is enabled.
- is_
custom_ boolphase_ two_ config - Indicates whether custom configuration is enabled for phase two options.
- is_
esp_ boolestablished - Indicates that ESP phase two is established.
- is_
pfs_ boolenabled - Indicates whether perfect forward secrecy (PFS) is enabled.
- lifetime int
- Lifetime in seconds for the IPSec session key set in phase two. The default is 3600 which is equivalent to 1 hour.
- negotiated_
authentication_ stralgorithm - The negotiated phase two authentication algorithm.
- negotiated_
dh_ strgroup - The negotiated Diffie-Hellman group.
- negotiated_
encryption_ stralgorithm - The negotiated encryption algorithm.
- remaining_
lifetime str - remaining_
lifetime_ intint - The remaining lifetime before the key is refreshed.
- remaining_
lifetime_ strlast_ retrieved - The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z
- custom
Authentication StringAlgorithm - The authentication algorithm proposed during phase two tunnel negotiation.
- custom
Encryption StringAlgorithm - The encryption algorithm proposed during phase two tunnel negotiation.
- dh
Group String - The Diffie-Hellman group used for PFS, if PFS is enabled.
- is
Custom BooleanPhase Two Config - Indicates whether custom configuration is enabled for phase two options.
- is
Esp BooleanEstablished - Indicates that ESP phase two is established.
- is
Pfs BooleanEnabled - Indicates whether perfect forward secrecy (PFS) is enabled.
- lifetime Number
- Lifetime in seconds for the IPSec session key set in phase two. The default is 3600 which is equivalent to 1 hour.
- negotiated
Authentication StringAlgorithm - The negotiated phase two authentication algorithm.
- negotiated
Dh StringGroup - The negotiated Diffie-Hellman group.
- negotiated
Encryption StringAlgorithm - The negotiated encryption algorithm.
- remaining
Lifetime String - remaining
Lifetime NumberInt - The remaining lifetime before the key is refreshed.
- remaining
Lifetime StringLast Retrieved - The date and time the remaining lifetime was last retrieved, in the format defined by RFC3339. Example:
2016-08-25T21:10:29.600Z
Package Details
- Repository
- oci pulumi/pulumi-oci
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
ociTerraform Provider.